Blog

/Blog/

Shevirah Announces Post Conference Workshop at InfoSec World, Florida

Ashburn, Virginia, 2nd March 2018 – Shevirah, a specialist in automated mobile and IoT device testing and training, today announced that their CTO and Founder, Georgia Weidman, will be leading a post conference workshop at the upcoming InfoSec World Conference and Expo 2018 in Lake Buena Vista, Florida.

The perimeter has been shattered. We do not sit at desks in offices working on corporate issued workstations. We work from home, at client sites, on airplanes using laptops, mobile phones, tablets, smartwatches, and Internet of Things (IoT) devices. Bring Your Own Device (BYOD) has introduced thousands of devices of unknown security postures to the network.

There is an IoT meeting scheduler outside every room at office, a Smart TV in every meeting room, and maintenance just switched the entire building to smart lightbulbs. Yet our security testing programs and tools focuses almost exclusively on the traditional idea of an enterprise, workstations, servers, a hardened perimeter with a firewall. Attackers are not so generous and are launching attacks against the ubiquitous mobile and IoT endpoints. Security must catch […]

By |March 5th, 2018|Uncategorized|0 Comments

Dagah case study – Sasakawa USA institution

Automated mobile device vulnerability assessment, penetration testing, and mobile security awareness training

 

 

Situation

Sasakawa USA is a non-profit, non-partisan institution devoted to research, analysis, and better understanding of the US-Japan relationship in the areas of security, diplomacy, economics, business, trade, technology, and other matters of common concern.  Given the former role of Adm. Dennis C. Blair, U.S. Navy (Ret.), current Chairman and CEO of Sasakawa Peace Foundation USA as the US Director of National Intelligence and the think tank’s ongoing contact with high-level officials in the US Government, the organization is a target for sophisticated adversaries looking to use it as a stepping stone into government targets.

Solution

At Sasakawa USA’s request, Shevirah ran a campaign of social engineering attacks against Sasakawa USA’s employees using the Dagah Mobile Penetration Testing software.  This simulation of real world attacks that Sasakawa USA could face evaluated the mobile hygiene of employees and provided teaching points on how to identify and respond to actual mobile phishing attacks.  The vast majority of cyber attacks begin with phishing.

Results

“Shevirah’s mobile pen testing tool is truly cutting edge,” said Adm. Dennis C. Blair, U.S. Navy (Ret.), Chairman and CEO of […]

By |December 9th, 2017|Uncategorized|0 Comments

Shevirah announces new version of Dagah mobile and IoT pen testing and phishing tool and personnel additions

 

Ashburn, VA, November 21, 2017, Shevirah, a cybersecurity startup offering mobile and IoT device penetration testing and simulated phishing solutions, today announced the availability of a new and improved version of its popular Dagah tool.  The new version is available immediately from the company website, as an update for existing subscribers, or as a free enterprise trial.  Admiral Blair, Ex. Director of National Intelligence, describes the Dagah tool as “truly cutting edge”.  Early testers include the DoD, government agencies, and financial institutions. 

Shevirah founder and CTO, Georgia Weidman, the well-known cybersecurity expert and conference speaker, author of the textbook, “Penetration Testing – A Hands-On Introduction to Hacking”, long-time Director, Michael W. Wellman, Wi-Fi and Internet pioneer, CEO and co-founder of Virgil Security, Inc., and long-time advisors,  Monique Morrow, previously Cisco’s CTO-Evangelist for New Frontiers Development and Engineering, and Gaige Paulsen, CTO at haste.net,  are joined by two new advisors, Peter Laitin and Simon Hartley, co-founders of 202 Partners, North Bethesda, MD.

202 is a boutique enterprise software sales advisory company focusing on the commercialization of emerging technology in cybersecurity, mobility and IoT.  202’s recent successes include large mobile cybersecurity wins […]

By |November 20th, 2017|Uncategorized|0 Comments

Shitsco CTF Problem Walkthrough

I started my career doing security research. I guess technically I had a government red team job before that, but to really get where I wanted to go in the industry I did some research, gave some talks, and went from there. But for the past couple of years I’ve mainly been focusing on building my consulting practice, commercializing my mobile security research, and build a product startup. So I haven’t had as much time for research as I would have liked. With the release of our first pro product Dagah I’ve made a resolution to change that. 

I’ve decided to start this blog to post some of my work. My goal is to make everything understandable to someone who has read the exploit development chapters in my book and/or did the exploit development exercises in the OSCP course and exam. I find that even with years of study I sometimes fall into the gaps of assumed knowledge and skipped steps on vulnerability write-ups. What I’ll try and do different here is make everything I post go step by step and include all the background. That might make it really boring to some of […]

By |July 11th, 2017|Uncategorized|0 Comments